- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sun, 19 Jan 2014 10:29:11 +0100
- To: Kumar McMillan <kmcmillan@mozilla.com>
- CC: Web Payments CG <public-webpayments@w3.org>, Joseph Potvin <jpotvin@opman.ca>
On 2014-01-17 21:44, Kumar McMillan wrote: > RE: https://newsroom.mastercard.com/press-releases/mastercard-visa-and-american-express-propose-new-global-standard-to-make-online-and-mobile-shopping-simpler-and-safer/ > > "The proposed framework has incorporated the input of many stakeholders, particularly card issuers and merchants. Over the coming weeks, the framework will also be presented to other partners and independent industry bodies…" > > Does anyone know if MasterCard actually presented a proposal and if so, presented it publicly? I'm curious to see what it was. > > I think adopting a token standard would be a small but important step toward more secure web payments. It seems easy to achieve given its relatively small scope. Especially nice is that it doesn't depend on any other payment asset definition or verification protocol or user identity spec, etc. It would specify how to process a transaction and nothing else, thus, easy to wedge into existing buy flows. From: https://newsroom.mastercard.com/press-releases/mastercard-visa-and-american-express-propose-new-global-standard-to-make-online-and-mobile-shopping-simpler-and-safer "Once a standard is agreed to and implemented, issuers, merchants or digital wallet providers would be able to request a token so that when an account holder initiates an online or mobile transaction, the token – and not the traditional card account number" To me this looks like a considerably upgraded payment system. Although the words "Innovation" and "Banks" in the same line doesn't parse in my brain, this may actually be more useful than "Secure Code" and similar nonsense systems launched in the past. I'm quite curious on how this token is created and its relation to the client platform. Anders > > A tokenization standard could even go hand in hand with request autocomplete. > > > On Jan 17, 2014, at 9:46 AM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote: > >> Thanx Joseph, you raised many interesting questions. >> >> One was if this is "Open Standardization". This is IMO a huge problem for the traditional payment industry and essentially everything involving banks: They really don't want to operate in open. That's why they never managed making EMV-cards usable on the Internet which also made the EMV value proposal quite lame since the fraudsters simply moved their activity to the Internet targeting "Card not present" transactions. >> >> "Software Patents" is another great topic. IPR folks have indicated that my SKS/KeyGen2 scheme violates tons of smart card patents. Since I have never read these patents and not that many specifications either, my guess is that the solutions become more or less obvious when you actually begin working in this space. To be on the safe(er) side I have filed some of the core ideas as "Defensive Publications". http://ip.com/IPCOM/000229430 http://ip.com/IPCOM/000215433 >> Although getting a nickel in license fee for every phone sold would be great, a patent would in reality only work as a blocker and destroy whatever value the idea had. >> >> Cheers, >> Anders >>
Received on Sunday, 19 January 2014 09:29:41 UTC